Hi guys, I started working in my new lab to learn Metasploit completely, so I used the ms03_026_dcom exploit to attack a Windows XP machine, but I can't get access. Does anybody know why? Here are the complete details:

Yes gromic, your guess is absolutely true. So first, if it was patched in SP1-2, then why can we see Windows 2003 in the exploit target range? Then I want to ask you something: what is your opinion about this video series?

Who on earth will be using XP with no SPs and with a disabled firewall, lol? Even if the exploit worked, what's the point of getting access to a host through that exploit without knowing what is really happening at the back end and how these exploits exactly work?

Last edited by ZeroOne on Sun May 27, 2012 3:13 pm, edited 1 time in total.

Subscribe to the Bugtraq and Full-Disclosure mailing lists. They are used for reporting and discussing new vulnerabilities. Unfortunately, any tool/exploit you see announced there won't work for long on any system that is kept up to date.

If you want to have something reliable that is going to work on a fully patched system, then you either need to write your own exploits and keep them secret or find someone willing to share their zero-days with you (not likely unless you're paying).

There's nothing wrong with playing with a completely unpatched system to test out a tool like Metasploit to learn how it works, but you don't need to learn the exploits themselves. Exploits have a short shelf life. MS03-026 is from 2003 (hence MS03); it's ancient.

If you want to target Windows XP SP3 systems, your best bet is to use exploits targeting applications like Acrobat or Flash. Those are less likely to be up to date. Of course, you'll have to find some way to get the user to run the exploit.

You should probably look for some of the other getting started threads on this site and follow the suggestions for reading/learning/experimenting. You need to build up a skill set rather than looking for a magic bullet. Occasionally a magic bullet does come along, but they don't last.

@ZeroOne I agree with you on that. But as unicityd wrote... it's not the point to have a working exploit with which you can hack a gazillion machines, but to learn how Metasploit as a tool functions. And here I think for learning purposes it's totally fine to follow along with an "old" exploit just to see what options there are, how to use them... and so on... So, see it as a "walk before you can run" thing ;o).

One thought on "who on earth will be using XP with no SPs", though. Think about all the people who run a stolen/hacked copy of XP (or Vista or Win7) on their machines with update services disabled in panic of getting caught... I heard this can be quite common in Third World countries. I don't know any statistics to show this though... it was just a thought... so please don't get me on this ;o)...

But you are probably right, in times of Vista and Win7 an unpatched copy of XP might be rare... (at least I have no personal experience with that...)

@cyber.spirit I think the patch was originally after SP1 (or 2) and then later added to the SPs... that's why we still see Win 2003 in the target range in Metasploit (was that your question?!?)... not sure about this though...

I really like the videos on securitytube. I am quite a fan of the "visual learning approach"... since I can better remember things when someone has shown me how to do it.

In no way am I a Metasploit expert. But as with all pen testing, just because a scan says something might be vulnerable doesn't make it so. Metasploit does have the ability to do a quick check, but it will be basing it on a few factors: open ports, responses received and the version of software will contain some of the clues to the system being exploitable. But the information could be wrong, or you may not be getting the full story. Part of your learning should be to read up on the vulnerability reports for the systems. You can subscribe to Microsoft's security bulletins as well as keep your eyes on Bugtraq like unicityd recommended. If you run an nmap scan against the target and it comes back saying it is Win XP SP3, then look through your lists to see what it might be vulnerable to. Remember, extended support ends soon, so security patches will become limited soon.

I am sure you are now wondering about developing your own exploits. Well, if you have some decent assembly knowledge, that will be your language of choice to reverse engineer the kernel libraries in Windows. There are some courses that cover this, as well as some books out there. You will need to get comfortable with assembly to make decent exploits and find 0-days. And assembly is a frigid cow of a language, definitely not as warm and fuzzy as Python or Ruby. But it can unlock a wealth of information from systems if you can navigate the dump. Another tool that will be helpful is the Windows SDK; with some fun virtual serial ports you can connect to a system and run the debugger against it to see all the goings-on and even send commands to it to see what breaks or how it behaves.

As for ZeroOne, you would be surprised how many legit copies of XP are still running around without the latest patches and service packs. And as I said before, Microsoft will be ending support: http://windows.microsoft.com/en-us/wind ... nd-support Granted, those with XP SP3 are good until 2014. But that gives big organizations and enterprises enough time to roll out Windows 7 in a non-holy-shit-we-gotta-move manner. It is also sad to know that there are still Windows 2000 and NT4 servers out there in production.

On a final note, any new testers out there should be looking toward Windows 7, 8 and Server 2008. If you are in school, by the time you get out, those will be the primary systems out there. Always keep your mind on what will be out there when you graduate.

OK, thank you both. Yeah, I agree too; in third world countries you can find many unpatched OSes. And 3xban, I never say a machine is vulnerable until I get access to it, even if a port scanner says it's vulnerable. But some of the exploits in msf are not designed for old machines, for example:

windows/browser/webdav_dll_hijacker

With this exploit you can get access to W2K8 R2 (if the admin is a fool, lol).